Posted On: Oct 22, 2020

In August 2020, Amazon Certificate Manager (ACM) launched a feature to share Certificate Authorities (CA) between AWS accounts using AWS Resource Access Manager (RAM). With today’s launch, App Mesh customers will be able to use a certificate authority shared with their AWS account while configuring TLS between services in their mesh.  

AWS App Mesh is a service mesh that provides application-level networking to standardize how your services communicate, giving you end-to-end visibility and enabling controls to tune for high-availability of your applications. App Mesh provides an integration with AWS Certificate Manager (ACM) Private Certificate Authority (PCA), to enable TLS between connected services, in a manner that does not require changes to application code.  

With ACM PCA’s launch, customers can create a CA in one account and then use ACM in a second account to issue a private certificate to authenticate services deployed in the second account. This workflow expands the usability of ACM Private CA so that your organization can build a centralized CA hierarchy and allow issuance across many accounts while following ACM PCA's best practices, which fits the needs of how customers build on AWS today.  

With this launch, App Mesh brings support for shared ACM PCA, where customers can use their organization’s central CA to issue certificates to services in a mesh in their account. This helps manage the overall cost of CA infrastructure, when the same organization is deploying services using separate AWS accounts.  

To learn more about ACM PCA, read the blog. To get started using App Mesh, see AWS App Mesh example walkthroughs on Github or the Configure App Mesh integration with Kubernetes tutorial in AWS Documentation. To learn more about AWS App Mesh, see the product page or documentation.